curl-library
[PATCH 2/2 v2] ntlm_wb: Avoid invoking ntlm_auth helper with empty username
From: David Woodhouse <dwmw2_at_infradead.org>
Date: Sat, 12 Jul 2014 11:22:38 +0100
Received on 2014-07-12
From: David Woodhouse <David.Woodhouse_at_intel.com>
---
v2: Add getpwuid_r() and $USER as potential sources of username.

On Sat, 2014-07-12 at 02:49 +0200, Dan Fandrich wrote:
> If the intent is to get the current user name, getpwuid(geteuid())->pw_name
> seems to me like the best way to get it (but actually using the reentrant
> versions with appropriate error checking). Falling back to environment
> variables seems like a bit of a hack, although I could see the utility of
> having a way to override the current user through a variable in some cases.
> I'm not sure on where the variable NTLMUSER is used, but if this code is going
> to end up checking environment variables, USER is another reasonable one
> to try.

I note that for finding the home directory in both lib/netrc.c and src/tool_homedir.c we use $HOME *before* getpwuid(). And we actually use getpwuid() instead of getpwuid_r(), which probably ought to be fixed.

New version at git://, http://git.infradead.org/users/dwmw2/curl.git and (obviously) here...

configure.ac | 1 + lib/curl_ntlm_wb.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/configure.ac b/configure.ac index a06f0fd..e8d322a 100644 --- a/configure.ac +++ b/configure.ac @@ -3033,6 +3033,7 @@ AC_CHECK_FUNCS([fork \ getppid \ getprotobyname \ getpwuid \ + getpwuid_r \ getrlimit \ gettimeofday \ if_nametoindex \ diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index b22d8ad..727a804 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -39,6 +39,9 @@ #ifdef HAVE_SIGNAL_H #include <signal.h> #endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif #include "urldata.h" #include "sendf.h" @@ -117,6 +120,10 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) char *slash, *domain = NULL; const char *ntlm_auth = NULL; char *ntlm_auth_alloc = NULL; +#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID) + struct passwd pw, *pw_res; + char pwbuf[1024]; +#endif int error; /* Return if communication with ntlm_auth already set up */
@@ -125,6 +132,30 @@ static CURLcode ntlm_wb_init(struct connectdata *conn, const char *userp) return CURLE_OK; username = userp; + /* The real ntlm_auth really doesn't like being invoked with an + empty username. It won't make inferences for itself, and expects + the client to do so (mostly because it's really designed for + servers like squid to use for auth, and client support is an + afterthought for it). So try hard to provide a suitable username + if we don't already have one. But if we can't, provide the + empty one anyway. Perhaps they have an implementation of the + ntlm_auth helper which *doesn't* need it so we might as well try */ + if(!username || !username[0]) { + username = getenv("NTLMUSER"); +#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID) + if((!username || !username[0]) && + !getpwuid_r(geteuid(), &pw, pwbuf, sizeof(pwbuf), &pw_res) && + pw_res) { + username = pw.pw_name; + } +#endif + if(!username || !username[0]) + username = getenv("LOGNAME"); + if(!username || !username[0]) + username = getenv("USER"); + if(!username || !username[0]) + username = userp; + } slash = strpbrk(username, "\\/"); if(slash) { if((domain = strdup(username)) == NULL) -- 1.9.3 -- David Woodhouse Open Source Technology Centre David.Woodhouse_at_intel.com Intel Corporation
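Review bot: In the configure.ac hunk only `getpwuid_r` is added to AC_CHECK_FUNCS, while the new code in lib/curl_ntlm_wb.c is guarded by `defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)`. The context lines show `fork \` followed directly by `getppid \`, so `geteuid` is not checked in this list at the place it would sort. Unless HAVE_GETEUID is defined by a check elsewhere, the getpwuid_r() branch is compiled out and the lookup silently reduces to the environment variables. Add `geteuid \` alongside this line, or name the existing check in the commit message.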
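Review bot: In the declarations hunk of ntlm_wb_init() (@@ -117), the `#if defined(HAVE_GETPWUID_R) && defined(HAVE_GETEUID)` guard does not match the `#ifdef HAVE_PWD_H` guard on the include added in the @@ -39 hunk, so a platform that reports getpwuid_r without <pwd.h> would fail to compile at `struct passwd pw, *pw_res;`. Add HAVE_PWD_H to the condition here and on the block that uses these variables. The fixed `char pwbuf[1024];` also means getpwuid_r() returns ERANGE for an entry that does not fit; the code then falls through to LOGNAME and USER, which is safe, but either say in a comment that this is intended or size the buffer from sysconf(_SC_GETPW_R_SIZE_MAX).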
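Review bot: The last fallback in the @@ -125 hunk, `username = userp;`, can leave username NULL, and the unchanged `slash = strpbrk(username, "\\/");` that follows would then dereference it. Every test in the new block is written as `!username || !username[0]`, which implies userp may be NULL; if so, finish with `username = "";` so the "provide the empty one anyway" statement in the comment holds, and if not, drop the NULL half of the first test. Separately, NTLMUSER is consulted before getpwuid_r(), so an environment variable overrides the account database for the identity handed to the helper; the comment should say that this precedence is deliberate, since it differs from LOGNAME and USER, which are only tried after the lookup.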